Beware of Weaponized MSI Installer Masquerading as WhatsApp to Deliver XWorm RAT
gbhackers
A newly identified cyber threat linked to a China-based threat actor has emerged, targeting users across East and Southeast Asia with a trojanized MSI installer disguised as a legitimate WhatsApp setup file.
This deceptive campaign delivers a customized version of the XWorm Remote Access Trojan (RAT), a malicious tool designed to infiltrate systems, steal sensitive data, and maintain persistent access for attackers.
Sophisticated Attack Targets East and Southeast Asia
The attack chain employs a complex multi-stage process involving encrypted shellcode hidden in image files, PowerShell scripts for persistence, and shellcode loaders, showcasing a high level of sophistication in evading traditional security measures.
What makes this variant of XWorm particularly dangerous is its enhanced functionality, including the ability to detect Telegram installations on compromised devices and report back to attackers via Telegram-based communication channels, providing a stealthy mechanism for exfiltrating data and receiving further instructions.
The ...
Copyright of this story solely belongs to gbhackers.